MacPorts shell mode

Chris Jones jonesc at hep.phy.cam.ac.uk
Thu Oct 19 20:15:53 UTC 2017


Hi,

> On 19 Oct 2017, at 9:07 pm, Rainer Müller <raimue at macports.org> wrote:
> 
>> On 2017-10-19 19:28, Christopher Jones wrote:
>> 
>>> If you really want to run a command without typing your password,
>>> configure the sudoers file accordingly. There are plenty of guides on
>>> the web on how to do this, or see 'man sudoers' and 'man visudo'.
>>> 
>>> Be aware of the security implications such a configuration has. Allowing
>>> to run port without sudo effectively allows to run any command as root,
>>> as it is trivial to execute other binaries.
>> 
>> Not true. In fact it is the exact opposite, more secure, if configured
>> correctly.
>> 
>> You can configure sudo so *only* /opt/local/bin/port is allowed to run
>> without a password. Any other use of sudo still requires the password. 
>> 
>> The reason doing this is more secure is because you can run ‘sudo port
>> XYZ’ without entering any password, which means any subsequent sudo
>> command will require authentication with a password. As an example
>> 
>>> sudo port XYZ
>>> sudo rm -rf /opt/loca>
>> has a very different outcome in the two cases… If you have configured
>> sudo to allow the first to run without a password, the second will
>> prompt you, at which point you might reconsider what you are doing… 
> 
> This only adds a safety net, so it stops you from running such a command
> accidentally. However, in terms of security, allowing to run 'port'
> without password is equivalent to allowing the user to run any command.

Well, not entirely true. It only lets you run whatever port lets you do. The fact that port lets you do what you show below is for me more an issue with port being too flexible, than anything else. If it were up to me I wouldn't have options like --editor as part of port.

> 
> One of the simplest possible ways to gain privileges would be something
> like 'sudo port edit --editor <...>'. That definitely affects security.
> 
> Of course in the end it is still the decision of each user whether this
> is grave enough or if the enhanced user experience is more important.

Indeed. My point was really just to point out it was not required to completely open up sudo, it can be limited to specific commands. 

Chris

> 
> Rainer
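
The two ways of scoping the rule discussed in this thread, written out as a sudoers fragment. This is an added example, not part of the original messages; the account name `alice`, the file name and the two pinned subcommands are assumptions.

```sudoers
# Added example. "alice" is a placeholder account. Edit with
#   visudo -f /etc/sudoers.d/macports      (hypothetical file name)
# and check with
#   visudo -cf /etc/sudoers.d/macports
# so a syntax error is caught before it can break sudo.

# (a) Rule as proposed in the thread, shown commented out.
#     No argument list follows the path, so sudo accepts ANY arguments
#     without a password, including 'port edit --editor <...>'.
#     The scope is therefore "everything port can do as root".
# alice ALL = (root) NOPASSWD: /opt/local/bin/port

# (b) Narrower rule. When arguments are listed, sudo requires the
#     command line to match them exactly, so only these two invocations
#     skip the password prompt. Anything else, such as
#     'sudo port edit ...' or 'sudo port -v selfupdate', falls back to
#     whatever password-protected rule the account already has.
Cmnd_Alias PORT_NOPASS = /opt/local/bin/port selfupdate, \
                         /opt/local/bin/port sync

alice ALL = (root) NOPASSWD: PORT_NOPASS

# Whatever the pinned subcommands do still runs as root; pinning limits
# which port actions are password-free, not what those actions can do.
```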

